metarget
CVE-2019-16884 can't work because of the wrong runc version
While reproducing CVE-2019-16884, I found it can't work. After digging into this, it seems the runc version is wrong. When I reproduce the issue from https://github.com/opencontainers/runc/issues/2128, I get the following error:
cannot be mounted because it is located inside \\\"/proc\\\\
The runc version for this issue is docker-ce 18.03.1 (runc 1.0.0-rc5).
If we use runc 1.0.0-rc6, it can work.
The reason that runc 1.0.0-rc6 can work is this change (linux: drop check for /proc as invalid dest): https://github.com/opencontainers/runc/commit/636b664027293628bbb59a58e7ec5d4cd567affb
So this issue can only be triggered after 1.0.0-rc6.
I don't know the relation between the docker-ce version and the runc version.
Maybe we need to download runc and replace the runc shipped with docker-ce.
Thanks, Li Qiang
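
An illustration of the kind of mount-destination check that produces the error quoted in the issue, added here as an example; it is not runc's code and not part of the original post. `checkDest`, its `strict` flag and the rootfs path are hypothetical, and the relaxed mode is an assumption about the effect of the linked commit, inferred from its title.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// checkDest reports whether dest (a host path below rootfs) is acceptable as
// a mount destination. Hypothetical helper, not runc's own function.
//
// strict=true models the behaviour reported for runc 1.0.0-rc5: /proc itself
// and every path below it are rejected.
// strict=false models the assumed effect of "drop check for /proc as invalid
// dest": paths below /proc are still rejected, /proc itself is accepted.
func checkDest(rootfs, dest string, strict bool) error {
	const invalid = "/proc"
	rel, err := filepath.Rel(filepath.Join(rootfs, invalid), filepath.Clean(dest))
	if err != nil {
		return err
	}
	// A relative path that climbs out with ".." is not under /proc at all.
	// Comparing path components avoids treating "/procfs" as "/proc".
	if rel == ".." || strings.HasPrefix(rel, "../") {
		return nil
	}
	// rel == "." means the destination is /proc itself.
	if rel == "." && !strict {
		return nil
	}
	return fmt.Errorf("%q cannot be mounted because it is located inside %q", dest, invalid)
}

func main() {
	rootfs := "/var/lib/docker/overlay2/example/merged" // constructed path
	for _, d := range []string{"/proc", "/proc/sys", "/procfs", "/data"} {
		dest := filepath.Join(rootfs, d)
		fmt.Printf("%-10s strict: %v | relaxed: %v\n", d,
			checkDest(rootfs, dest, true), checkDest(rootfs, dest, false))
	}
}
```

The strict mode is the defensive behaviour: a runtime that refuses `/proc` as a destination returns the error seen in the issue instead of performing the mount.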